
Mapas do autofs no LDAP (nisMap / nisObject)

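# Create the autofs maps in LDAP using the nisMap/nisObject schema.
# The OU holds everything; auto.master maps the mount point /ldaphome to
# the auto.home map, and the "cn: /" entry in auto.home is the wildcard
# (autofs stores the "*" key as "/" in LDAP maps): any key under /ldaphome
# is mounted from autofs.laboratorio.com.br:/ldaphome/<key>, "&" being
# replaced by the key.
#
# Entry separators must be genuinely empty lines: in LDIF a line that
# starts with a space is a continuation of the previous line, which is
# why the original listing needed a sed pass to strip " "-only lines.
cat > autofs.ldif <<'EOF'
dn: ou=PosixAccount,dc=laboratorio,dc=com,dc=br
ou: PosixAccount
objectClass: top
objectClass: organizationalUnit

dn: nisMapName=auto.master,ou=PosixAccount,dc=laboratorio,dc=com,dc=br
nisMapName: auto.master
objectClass: nisMap

dn: cn=/ldaphome,nisMapName=auto.master,ou=PosixAccount,dc=laboratorio,dc=com,dc=br
cn: /ldaphome
objectClass: nisObject
nisMapName: auto.master
nisMapEntry: auto.home

dn: nisMapName=auto.home,ou=PosixAccount,dc=laboratorio,dc=com,dc=br
nisMapName: auto.home
objectClass: nisMap

# Home directories are user-writable, so mount them nosuid,nodev: a setuid
# binary or device node dropped into the export must not be honoured on the
# clients. "intr" was dropped: it has been a no-op since kernel 2.6.25.
dn: cn=/,nisMapName=auto.home,ou=PosixAccount,dc=laboratorio,dc=com,dc=br
cn: /
objectClass: nisObject
nisMapName: auto.home
nisMapEntry: -fstype=nfs,rw,hard,nosuid,nodev autofs.laboratorio.com.br:/ldaphome/&
EOF

# Load the entries binding as the directory admin. -W prompts for the
# password; passing it with "-w senha123" exposes it in `ps` output and in
# the shell history. -H replaces the deprecated -h/-p pair.
ldapadd -x -H ldap://localhost:389/ -D "cn=admin,dc=laboratorio,dc=com,dc=br" -W -f autofs.ldif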

Usuários e grupos (posixAccount / posixGroup)

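# Users and groups. Each user gets a private group with the same numeric id
# (uid 1050 / gid 1050, uid 1051 / gid 1051); the "sysadmin" group (gid 50003)
# lists, via memberUid, the accounts that log in to the Linux hosts.
#
# NOTE(review): both users carry the very same {SSHA} hash, i.e. the same
# password AND the same salt (copy-pasted). Generate one hash per user with
# `slappasswd -s` before loading this, and confirm the server ACL keeps
# userPassword unreadable to everyone but the entry itself
# (typically `by self write by anonymous auth by * none`).
#
# The per-user auto.home entries at the end duplicate what the wildcard
# "cn: /" entry in autofs.ldif already resolves; they are harmless (an exact
# key match is tried before the wildcard) but not required.
#
# Separator lines must be truly empty: an LDIF line beginning with a space
# is a continuation line, which is what the original sed pass was fixing.
cat > users_groups.ldif <<'EOF'
dn: cn=gean,ou=PosixAccount,dc=laboratorio,dc=com,dc=br
cn: gean
objectClass: top
objectClass: posixGroup
gidNumber: 1050

dn: cn=tony,ou=PosixAccount,dc=laboratorio,dc=com,dc=br
cn: tony
objectClass: top
objectClass: posixGroup
gidNumber: 1051

dn: uid=gean,ou=PosixAccount,dc=laboratorio,dc=com,dc=br
cn: Gean Martins
sn: Martins
givenName: Gean
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
uidNumber: 1050
gidNumber: 1050
homeDirectory: /ldaphome/gean
loginShell: /bin/bash
uid: gean
userPassword: {SSHA}D6hb0o/v32C82e1XzwCozoWB3kKBM6m9

dn: uid=tony,ou=PosixAccount,dc=laboratorio,dc=com,dc=br
cn: Tony Stark
sn: Stark
givenName: Tony
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
uidNumber: 1051
gidNumber: 1051
homeDirectory: /ldaphome/tony
loginShell: /bin/bash
uid: tony
userPassword: {SSHA}D6hb0o/v32C82e1XzwCozoWB3kKBM6m9

dn: cn=sysadmin,ou=PosixAccount,dc=laboratorio,dc=com,dc=br
objectClass: posixGroup
objectClass: top
cn: sysadmin
gidNumber: 50003
description: Grupo que faz acesso ao Linux
memberUid: gean
memberUid: tony

dn: cn=gean,nisMapName=auto.home,ou=PosixAccount,dc=laboratorio,dc=com,dc=br
cn: gean
objectClass: nisObject
nisMapName: auto.home
nisMapEntry: -fstype=nfs,rw,hard,nosuid,nodev autofs.laboratorio.com.br:/ldaphome/gean

dn: cn=tony,nisMapName=auto.home,ou=PosixAccount,dc=laboratorio,dc=com,dc=br
cn: tony
objectClass: nisObject
nisMapName: auto.home
nisMapEntry: -fstype=nfs,rw,hard,nosuid,nodev autofs.laboratorio.com.br:/ldaphome/tony
EOF

# The original used `-D "cn=admin"`, which is not the admin's DN (the
# autofs step binds as cn=admin,dc=laboratorio,dc=com,dc=br); the bind would
# fail. -W prompts for the password instead of leaving it in `ps` output and
# the shell history; -H replaces the deprecated -h/-p.
ldapadd -x -H ldap://localhost:389/ -D "cn=admin,dc=laboratorio,dc=com,dc=br" -W -f users_groups.ldif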

Configuração no cliente

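# Client side: LDAP tools, nslcd (NSS/PAM via LDAP), the nscd cache,
# autofs and the NFS client stack.
yum install openldap-clients nss-pam-ldapd pam_ldap nscd autofs rpcbind nfs-utils

# NOTE(review): with ldap:// and simple bind, every user's password is sent
# to ldap.laboratorio.com.br in cleartext at each login. Outside a lab use
# ldaps:// or add `--enableldaptls --ldaploadcacert=<URL of the CA cert>`
# so nslcd verifies the server before binding.
authconfig --enableldap --enableldapauth \
  --ldapserver=ldap://ldap.laboratorio.com.br:389/ \
  --ldapbasedn="ou=PosixAccount,dc=laboratorio,dc=com,dc=br" \
  --enablecache --disablefingerprint --kickstart

# Point autofs at the nisMap/nisObject maps. /etc/sysconfig/autofs carries
# other settings (TIMEOUT, BROWSE_MODE, ...), so append rather than
# overwrite; if these keys already exist in the file, edit them in place
# instead. The map search is anonymous, so the same cleartext caveat
# applies only to confidentiality of the map data, not to passwords.
cat >> /etc/sysconfig/autofs <<'EOF'
LDAP_URI="ldap://ldap.laboratorio.com.br:389/"
SEARCH_BASE="ou=PosixAccount,dc=laboratorio,dc=com,dc=br"
MAP_OBJECT_CLASS="nisMap"
ENTRY_OBJECT_CLASS="nisObject"
MAP_ATTRIBUTE="nisMapName"
ENTRY_ATTRIBUTE="cn"
EOF

# Restart the name-service daemon so the new NSS/PAM config is picked up,
# then enable and start autofs. If the mounts fall back to NFSv3, rpcbind
# must be running as well (`systemctl enable --now rpcbind`).
systemctl restart nslcd
systemctl enable autofs
systemctl restart autofs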

Novo Usuário

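# Add one more user: an auto.home entry, a private group, the account, and
# membership in "sysadmin". The original listing had `cn: tony` in the first
# two entries, left over from copy-paste; the RDN value (cn=linus) must be
# present in the entry or slapd rejects it, so both are `cn: linus` here.
#
# NOTE(review): the userPassword hash is the same one used for gean and tony
# (same password and salt) — generate a fresh one with `slappasswd -s`.
# Separator lines must be truly empty (a leading space means continuation).
cat > linus.ldif <<'EOF'
dn: cn=linus,nisMapName=auto.home,ou=PosixAccount,dc=laboratorio,dc=com,dc=br
cn: linus
objectClass: nisObject
nisMapName: auto.home
nisMapEntry: -fstype=nfs,rw,hard,nosuid,nodev autofs.laboratorio.com.br:/ldaphome/linus

dn: cn=linus,ou=PosixAccount,dc=laboratorio,dc=com,dc=br
cn: linus
objectClass: top
objectClass: posixGroup
gidNumber: 1052

dn: uid=linus,ou=PosixAccount,dc=laboratorio,dc=com,dc=br
cn: Linus Torvalds
sn: Torvalds
givenName: Linus
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
uidNumber: 1052
gidNumber: 1052
homeDirectory: /ldaphome/linus
loginShell: /bin/bash
uid: linus
userPassword: {SSHA}D6hb0o/v32C82e1XzwCozoWB3kKBM6m9

# Explicit changetype: the last record modifies an existing entry; ldapadd
# (ldapmodify -a) honours it and adds the new memberUid value.
dn: cn=sysadmin,ou=PosixAccount,dc=laboratorio,dc=com,dc=br
changetype: modify
add: memberUid
memberUid: linus
EOF

# Full admin DN (the original `-D "cn=admin"` is not a valid bind DN here),
# password prompted with -W rather than exposed on the command line.
ldapadd -x -H ldap://localhost:389/ -D "cn=admin,dc=laboratorio,dc=com,dc=br" -W -f linus.ldif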

Criação do diretório home no servidor NFS

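# Run on the NFS server (autofs.laboratorio.com.br), which exports /ldaphome.
# The chown below needs the server to resolve "linus" — i.e. the server must
# also use LDAP for NSS; if it does not, use the numeric ids from the LDIF
# instead: `chown -R 1052:1052 /ldaphome/linus`.
mkdir /ldaphome/linus

# Copy the whole skeleton, dotfiles and subdirectories included, preserving
# modes. The original `cp /etc/skel/.[a-zA-Z0-9]*` skipped directories
# (no -r) and any dotfile not matching that glob.
cp -a /etc/skel/. /ldaphome/linus/

# Owner = the user, group = the user's private group; 750 keeps the home
# unreadable to other users.
chown -R linus: /ldaphome/linus
chmod 750 /ldaphome/linus

# SELinux label. The original pattern had a doubled leading slash
# ("//ldaphome/linus"), which never matches a real path. home_root_t is the
# type normally given to the parent directory (like /home); per-user homes
# usually carry user_home_dir_t — confirm which one the NFS export and
# clients expect before relying on this label.
semanage fcontext -a -t home_root_t "/ldaphome/linus(/.*)?"
restorecon -Rv /ldaphome/linus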

Referência: http://mwiki.yyovkov.net/index.php/Install_LDAP_port_389_on_CentOS